TLS (HTTPS)

Warning: According to the project's CHANGELOG.md, the built-in tls feature was removed in version 0.4.0. The information below may be outdated and is provided for users of older versions of warp.

warp previously offered a built-in way to serve your application over TLS (HTTPS), securing the communication between the server and the client.

Historical Usage

When the tls feature was enabled, you could configure and run a TLS server using a builder pattern on warp::serve.

Here is an example based on examples/tls.rs demonstrating how it was used:

// This example requires the 'tls' feature, which is removed in v0.4.0
#[cfg(feature = "tls")]
async fn run_tls_server() {
    use warp::Filter;

    let routes = warp::any().map(|| "Hello, Secure World!");

    warp::serve(routes)
        .tls()
        // Specify the path to your certificate and private key files
        .cert_path("examples/tls/cert.pem")
        .key_path("examples/tls/key.rsa")
        .run(([127, 0, 0, 1], 3030))
        .await;
}

This setup involved:

1. Calling .tls() on the Server instance.
2. Providing the path to a PEM-encoded certificate file via .cert_path().
3. Providing the path to a PEM-encoded private key file (RSA or ECC) via .key_path().

Modern Approach

For warp versions 0.4.0 and newer, you should handle TLS termination at a layer above warp. Common approaches include:

1. Using a Reverse Proxy: Deploy a reverse proxy like Nginx, Caddy, or Traefik in front of your warp application. The proxy handles TLS termination and forwards plain HTTP traffic to your warp server. This is a common and recommended practice for production deployments.
2. Using a library like hyper-rustls: Manually create an acceptor that wraps incoming TCP streams with a TLS layer before they are passed to warp's server.